It took the intruder less than a minute to break into the university's computer via the Internet, and he stayed less than a half an hour. Yet finding out what he did in that time took researchers, on average, more than 34 hours each.. . .
It took the intruder less than a minute to break into the university's computer via the Internet, and he stayed less than a half an hour. Yet finding out what he did in that time took researchers, on average, more than 34 hours each.

That inequity -- highlighted during the Forensic Challenge, a contest of digital-sleuthing skills whose results were announced this week -- underscores the costs of cleaning up after an intruder compromises a network, said David Dittrich, senior security engineer at the University of Washington and the lead judge in the contest.

"This guy can do all that damage in a half an hour," he said. Dittrich estimated that those 34 hours would cost a company about $2,000 (Â£1,408.50) if the investigation was handled internally and more than $22,000 (Â£15,493) if a consultant was called in. "Those are conservative estimates, as well," he said.